REMARKS 

Claims 1-68 were presented for examination and are pending in this application. 
In an Office Action dated November 16, 2007, claims 1-5, 12-15 and 22-68 were rejected; claims 
6-11 were objected to, and claims 15-21 were allowed. Applicant has amended claims 2-4, 25- 
26 and 54-55, reviewed the office action and the cited reference, and respectfully traverses the 
rejection of claims 1-5, 12-15 and 22-68. 

Allowable Subject Matter 

On page 2 the office action, the Examiner indicated that claims 16 to 21 were 
allowed. Examiner also indicated that claims 6- 1 1 would be allowable if rewritten to include all 
the limitations of the base claim and any intervening claims. Applicant thanks the Examiner for 
review of these claims. 

Response to Rejection Under 35 U.S.C. $ 112, %1 

On page 2 of the office action, the Examiner rejected claims 2-4 and 25-26 under 
35 U.S.C. § 1 12, first paragraph as failing to comply with the written description requirement. In 
particular, the Examiner contends that the claims recite "security identifiers" which are not 
disclosed in the instant specification. Applicant respectfully disagrees and traverses this 
rejection. Support for the term "identifier" and its usage and recognition can be found in 
paragraph [0043] of the specification. However to avoid any confusion and ambiguity, the 
applicant has amended claims 2-4 and 25-26 to replace the term "security identifiers" with 
—identifiers--. Applicant submits that with these amendments to claims 2-4 and 25-26, these 



15 



claims comply with the written description requirement. Applicants respectfully request that the 
rejection under 35 USC § 1 12, first paragraph be withdrawn 



Response to Rejection Under 35 U.S.C. $ 102(e) 

Claims 1-5, 12-15 and 22-68 stand rejected under 35 U.S.C. § 102(e) as being 
unpatentable over Arteaga et al, U.S. Publication Number 2002/0161826 (hereafter "Arteaga"). 
Applicant respectfully traverses the rejection of claims 1-5, 12-15 and 22-68. 

The Examiner contends regarding Claims 1 and 23 that Arteaga teaches and 
describes receiving a SOAP message; determining whether at least one security rule has been 
defined for the SOAP message, the at least one security rule being defined based on a security 
policy for exchanging SOAP messages between at least one client program and at least one 
server program, and performing at least one security related operation on the SOAP message 
based on the at least one security rule when the determining determines that at least one security 
rule is associated with the SOAP message (paragraph [0092 - 0095]). The Examiner cites the 
same paragraphs of Arteaga in rejecting claim 27. 

Applicants disagree that there is any such teaching in Arteaga, especially in the 
paragraphs cited by the Examiner. 
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Claim 1 recites in relevant part: 



determining whether at least one security rule has been defined for the 
SOAP message, the at least one security rule being defined based 
on a security policy for exchanging SOAP messages between at 
least one client program and at least one server program; and 

performing at least one security related operation on the SOAP message 
based on the at least one security rule when the determining 
determines that at least one security rule is associated with the 
SOAP message. 

. . . .[Emphasis added.] 

Claim 27 recites in relevant part: 

determining whether at least one rule is associated with the SOAP 
message; 

evaluating the at least one rule at least partially based on the collected 

data; and 
. . . .[Emphasis added.] 

Independent claims 23, 33, 38, 39, 52, 53, 56, 65 and 66 all include similar 
limitations of determining .... [a] rule, and performing .... [the] rule .... or evaluating 

Applicant submits that these claimed steps of determining whether there is a rule 
for the SOAP message and performing or evaluating the rule on the SOAP message for security 
purposes is advantageous because it allows security to be set up on a per SOAP message basis. 
The steps of determining whether there is a rule for the SOAP message and performing or 
evaluating the rule on the SOAP message for security purposes are not disclosed, taught or 
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suggested by Arteaga. There is no mention whatsoever anywhere in Arteaga of assigning or 
defining rules for SOAP messages or performing or evaluating the rule for security of SOAP 
messages. There is simply no such disclosure, teaching or suggestion of such in Arteaga. 

The Examiner contends that the claimed features are disclosed in Arteaga at 
paragraphs [0092 - 0095]. Applicant has reviewed paragraphs [0092 - 0095] of Arteaga and yet 
they say nothing about security or disclose in any way the language of the claims noted above. 
Rather, these paragraphs disclose how version control is implemented and do not relate to 
security at all. These paragraphs mention SOAP in passing as a "version control SOAP request" 
(see Paragraph [0093]) and a SOAP object call (see Paragraph [0095]). But these are all in the 
context of version control and NOT security. Version control is not the same as security. 
Version control as stated in the beginning of paragraph [0092] is about the "process of updating 
the applications that have been deployed to the client devices." Clearly, this is not the same as 
message security. 

In rejecting the other claims under 35 U.S.C. § 102(e) the Examiner also cites 
paragraphs [0107, 0108, 0120, 0099, 0157, 0102, 0099 and 0103] of Arteaga. Again, none of 
these paragraphs disclose anything even remotely close to the claim language of claims 1 , 23 or 
27. For example, paragraphs [0099 and 0102] are about synchronization not security; paragraph 
[0107] is about authentication not security; paragraph [0120] is about deployment packages and 
Cabinet files, and not security; and paragraph [0157] is about SOAP envelopes and not security. 
While paragraphs [0103 and 0108] discus a security controller 230 of Arteaga, this security 
controller 220 is for the entire system. It does not relate to security for SOAP messages, and 
more importantly, fails to disclose the claimed steps of claims 1, 23 and 27 of determining 
whether there is a rule for the SOAP message and performing or evaluating the rule on the SOAP 
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message for security purposes. Thus, Applicants strongly disagree with the Examiner and 
believe that claims 1 , 23 and 27 are patentably distinct over Arteaga. 

Independent claims 33, 38, 39, 52, 53, 56, 65 and 66 include limitations similar to 
claims 1, 23 and 27; and therefore, are likewise believed to be patentable over Arteaga. Each of 
these claims includes the determining of a rule and a performing or evaluating step but in related 
security contexts. For example, claim 38 also recites service attacks, claims 39 and 53 also 
recites controlling publication, claim 52 also recites granting access, and claims 56, 65 and 66 
also recite taking an action. 

Claims 2-15, 22, 24-26, 28-32, 34-37, 40-51, 54, 55, 57-64 and 67-68 depend 
directly or indirectly from claims 1, 23, 27, 33, 39, 53, 56 and 66 and therefore, include the 
limitations similar to claim 1. Claims 54 and 55 have been amendment to depend from claims 
53. Additionally, claims 2-15, 22, 24-26, 28-32, 34-37, 40-51, 54, 55, 57-64 and 67-68 recite 
other patentable distinctions. For example, claim 2-4 further recite the use of identifiers, claim 5 
specifies looking up rules associated with message type, claim 29 includes determining a portion 
of history to be collected, etc. Thus, claims 2-15, 22, 24-26, 28-32, 34-37, 40-51, 54, 55, 57-64 
and 67-68 are likewise believed to be patentable over the cited art based both on the their 
dependence on a patentably distinct independent claim and the other patent distinctions they 
recite. 

Applicant submits that claims 1-5, 12-15 and 22-68 are patentably distinct over 
the art of record and respectfully requests allowance of claims 1-5, 12-15 and 22-68. 
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Conclusion 

In sum, Applicant respectfully submits that all claims now pending are patentable 
over the cited reference for at least the reasons given above, while not necessarily conceding any 
contention not specifically addressed. Applicant requests reconsideration of the basis for the 
rejections of and objections to these claims and request allowance of the claims. 

If the Examiner believes that for any reason direct contact with Applicant's 
attorney would help advance the prosecution of this case, the Examiner is invited to telephone 
the undersigned at the number given below. 

Respectfully Submitted, 
Kerry Champion 
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